How can I provide
automated User Registration from my software? (HTTP)
Overview
What
is User Registration?
Why
would I want to have the user register their software?
Is
there more than one way to accomplish this?
What
is HTTP?
What
is the POST command?
How
do I implement this on my server?
How
do I implement this into my software/client?
A
Flowchart/Diagram of how it works.
What
is HTTP Wizard SSL?
Example
source code for Server implementation
[Active
Server Pages]
Example
source code for the Clients implementation.
[Visual
Basic]
[Visual
C++]
[Visual
FoxPro]
Where
can I find this program?.
Who
is Seekford Solutions, Inc.?.
There is always a need to track
the usage of software. From how it is used to who it is used by. There are a
variety of reasons you would want to know who is using your software. This
article will describe not only why you should implement a User Registration
feature but also how to implement it quickly and easily. You will find
explanations of the logic as well as real source code you can use as the
building blocks for your own software. Since everyone has different levels of
knowledge this article is written so that the most basic developer should be
able to understand and yet even advanced developers will gain knowledge.
This sounds like a very simple
question but there are many different viewpoints on what the term means. For
some it is as simple as the email address for the user, for others it is the
User’s Name, address, telephone number, and all the information down to the
machines processor serial number. So User Registration, as defined in this
article, is the act of electronically submitting to another piece of software a
set of information related to the operator or owner of a piece of software that
is deemed important to the writer of the software with the operators consent.
Informally, it means the sending
of what you believe to be relevant user data by means of the Internet to
another piece of software.
The most basic reason would be to
understand who is using your software. Even if you don’t charge for your
software you should implement a standard and required method for the user to
acknowledge that they downloaded and are using your software. The information
can be very basic such as a First and Last name plus their e-mail address. Even
this limited information can open the door for product update information,
marketing, technical support and more. If you are a professional developer who
charges for the software then this information is even more important. It is
also good to have customers registered so you can provide them discounted
upgrades, technical support and more.
Software is very easy to copy no
matter how hard you try to stop it. User Registration is a very simple yet
effective way to combat piracy. When
your software registers the users information, it can verify that they are
licensed customers and unlock appropriate features. Remember that User
Registration does not only mean name and address but can also include Serial
Numbers, machine hard drive serial numbers, or other identifying information.
Using rather basic real-time server logic you can return information to the
client letting it know whether the data is valid and if it is allowed to unlock
itself.
A very popular method with
Microsoft and other vendors is to require a simple registration of your
software that sends the product ID and then verifies the number of
installations that have used the same product ID. You can then limit the number
of copies of the application installed to different machines.
As the saying goes, there is
always more than one way to skin a cat. The logic behind the user registration
is relatively straightforward; it’s the implementation that becomes more
complicated. You can take information over the phone, have a registration card
people mail in, or have your application take the information and send it
electronically. Since this article’s scope is relevant only to the electronic
methods we will detail a couple of those.
There are a few different choices
and it really depends on the data you are sending as to which option is best
for you.
You can send the data to a web
server application and have it handle the data and issue a response. This is a
great way all around and is the best method if you need a real-time response.
It also has the ability to use secure channels of communication using the
Secure Sockets Layer (SSL) protocol for data transmission.
You can send the information in a
specially formatted email so that you have another application that retrieves
the emails and processes them. You can also use this method to return data to
the client, but it is definitely not the best way since the response is not
guaranteed to be received within a reasonable amount of time. This is, however,
an easy to implement method for sending simple data that does not require a
processed response.
You can write a custom server
application that is reachable over the Internet and that handles the clients
request and issues a response. This can be a great way to go if you have a
large amount of resources, want to have tight control of every aspect and enjoy
a challenge. However, it is not a feasible nor is it a practical way of going.
The first option will be discussed
in more detail in this article. The second is discussed in another article
available at http://www.seekfordsolutions.com/Articles/
with SMTP at the end of the Article’s name.
There are a large number of
servers on the Internet and almost all of them run web server software. Almost
all web server software is able to handle thousands of simultaneous requests at
a time, which makes it great for reliability with User Registrations. Using a
combination of server side scripting and the HTTP protocol the interaction
process becomes simple and robust.
If you have ever used a web
browser, and you must have used one to see this article, then you understand
that all web servers use HTTP to exchange information. Well, HTTP is actually
an acronym for Hyper Text Transfer Protocol. Like the language we use to
communicate, this is the language that the web servers speak to understand what
a client wants. The protocol has a variety of commands that are used but the
most common one used for sending data to the server that it can process and
return a response is the POST command.
Have you ever submitted a Form on
a web page? Perhaps it was something where you entered your user name and
password, or maybe your email address. These forms use the POST method to
transmit data to the server for processing. Maybe the server application
validates the information you send, it adds it to a database, or maybe even
returns data based on the information received. This is the command your
application will issue to the server to send the registration data so that it
can be processed. To properly handle the data you will need to write a script
or special application that runs on the server.
The most common way is to write a
CGI, common gateway interface, script. This is most easily accomplished using a
technology called Active Server Pages on the Internet Information Services web
server. ASP uses VBScript as its language and makes it very simple and
straightforward to implement database access and custom logic. We have included
some sample source code further in this article that shows one way of handling
a basic registration using ASP.
Other than using ASP, you can use
Perl or other server scripting languages or possibly an application that is
compatible with the web server. Those technologies will use the same logic as
in the example code but are beyond the scope of this article.
To implement the registration
functionality in your client application is relatively simple. The hardest part
will be choosing what information you want from the user and obtaining that
information. It will actually take longer to get the information from the user
than it will be to code the registration part. To accomplish this complex task
so easily you will need to download a product called HTTP Wizard SSL v2, an
ActiveX control (OCX), from
http://www.seekfordsolutions.com/Products/HTTPWizard/ that will let you
use the HTTP protocol without having to really understand it. The
implementation will be basically the collection of information from the
user/operator and then building a Form object, putting the data into the
object, and then having HTTP Wizard SSL POST the data to the website. If you
expect a response you can examine the response data and process it. If you were
registering a licensed product you can use the response data to determine if
the user should be allowed access to the application or if features should be
unlocked.
HTTP Wizard SSL v2.0 is an ActiveX
control (OCX) that is designed for fast, powerful, and simple implementation of
the HTTP protocol. You are able to synchronously or asynchronously access a web
server and upload files, download files and pages, send server variables and
data and much more. The control supports the SSL communication protocol for
transmitting to secure website so that all the data is encrypted safely. It has
an extensive object model that is very easy to understand and comes with full
technical support free of charge. The control does NOT use the wininet API. It
talks directly to the server via Sockets so you get a reliable no-nonsense
connection to the server unlike some of the competition who just wrote a
wrapper and sells it.
The source code provided is a
basic starting point. It works in real world situations but every developer has
specific needs. The code has been designed with a general-purpose
implementation and is easily adaptable to your particular need.
Example online at:
http://www.seekfordsolutions.com/CustomWork/HTTPTests/UserRegistrationExample.asp
<%
if(Request.Form.Count >0)
then
'We check to see anything was submitted
dim sFirstName
dim sAddress
dim sEmailAddress
dim sRegNumber
dim bOK
sFirstName
= Request.Form("pFirstName")
sAddress
= Request.Form("pAddress")
sEmailAddress
= Request.Form("pEmail")
sRegNumber
= Request.Form("pSerialNumber")
'For debug purposes
Response.Write "<BR>First Name: "
& sFirstName
Response.Write "<BR>Address: "
& sAddress
Response.Write "<BR>Email: "
& sEmailAddress
Response.Write "<BR>Serial Number: " & sRegNumber
'end dbug
'this function is generic for whatever you will do with the data
'most likely you should validate and then enter the data into a database
'if you need to check the serial number then if it is bad return false
bOK = RegisterUserData(sFirstName, sAddress, sEmailAddress, sRegNumber)
if(bOK) then
'If registration was successful notify client
Response.Write
"<BR><REGISTRATIONSTATUS>SUCCESS</REGISTRATIONSTATUS>"
else
'If registration was not successful, let client
know
Response.Write
"<BR><REGISTRATIONSTATUS>FAILED</REGISTRATIONSTATUS>"
end if
Response.End ' We have nothing else to say to
the client
else
Response.Write "<HTML><BODY>NO DATA
SUBMITTED!</BODY></HTML>"
end if
function RegisterUserData(sFirstName,
sAddress, sEmailAddress, sRegNumber)
'We manipulate the data here.
'you can enter the data into a database, validate the serial, etc.
RegisterUserData = TRUE
end function
%>
Private
Const constSuccessFlag As String
= "<REGISTRATIONSTATUS>SUCCESS</REGISTRATIONSTATUS>"
Private
Const constFailureFlag As String
= "<REGISTRATIONSTATUS>FAILED</REGISTRATIONSTATUS>"
Private Sub cmdRegister_Click()
'Declare the FormBuilder object
Dim obForm As
New HTTPWIZARDLib.FormBuilder
'The headers object we pass
Dim obHeaders
As New HTTPWIZARDLib.HTTPHeaders
'The response object we will use
Dim obResponse
As HTTPWIZARDLib.HTTPResponse
'This will check the data for the response
Dim sDataCheck
As String
'Simplify access to the
obForm object
'Setup the variables with the User Information
With obForm
'It is very easy to expand on the logic show below
'simply adding new variables requires only a new line of code
'remember, the first parameter is the variable name tne server uses to
access the value
'the second parameter is the value associated with the variable named
'Set the First Name value
.AddFormVar "pFirstName", txtName.Text
'Set the Address value
.AddFormVar "pAddress", txtAddress.Text
'Set the EMail address value
.AddFormVar "pEmail", txtEmail.Text
'Set the Serial Number value
.AddFormVar "pSerial", txtSerial.Text
'This is the URI of where to POST the form data to.
'below is the test URI we have setup for demonstration purposes
.URI = "/CustomWork/HTTPTests/UserRegistrationExample.asp"
End With '
we are done setting up the form
'Now we are going to post the data to the server
'afterwards we will check the response if we need to
'Here we set the server name to the proper
server
HTTPWizard1.ServerName = "www.SeekfordSolutions.com"
'we arent using SSL so we set this to false.
HTTPWizard1.UseSSL = False
'We set the port to the standard port 80
'If using SSL it should probably be 443
HTTPWizard1.ServerPort = 80
'Now we invoke the command, no need to connect
since the command automatically connects for us
Set
obResponse = HTTPWizard1.PostFormData(obHeaders, obForm)
If (obResponse Is Nothing)
Then
MsgBox "Error registering data: " &
HTTPWizard1.LastServerResponseDescription
Else
'successful so we start interpreting the data if we want to
sDataCheck = obResponse.Body
'our test page returns the following in the
response for validation
' Constant declared
as constSuccessFlag
' Success: <REGISTRATIONSTATUS>SUCCESS</REGISTRATIONSTATUS>
' Constant declared
as constFailureFlag
' Failure: <REGISTRATIONSTATUS>FAILED</REGISTRATIONSTATUS>
If (InStr(sDataCheck,
constSuccessFlag) > 0) Then
MsgBox "Registration Successful!"
Else
MsgBox "Registration Failed!"
End If
End If
End Sub
//Declare
the FormBuilder object
CFormBuilder obForm;
//The
headers object we pass
CHTTPHeaders obHeaders;
//The
response object we will use
CHTTPResponse obResponse;
//This
will check the data for the response
CString
sDataCheck;
obForm.CreateDispatch("HTTPWizard.FormBuilder2",NULL);
obHeaders.CreateDispatch("HTTPWizard.HTTPHeaders2",NULL);
//Simplify
access to the obForm object
//Setup
the variables with the User Information
//It is
very easy to expand on the logic show below
//simply
adding new variables requires only a new line of code
//remember,
the first parameter is the variable name tne server uses to access the value
//the
second parameter is the value associated with the variable named
//Set the
First Name value
obForm.AddFormVar( "pFirstName",
m_sNAME);
//Set the
Address value
obForm.AddFormVar( "pAddress",
m_sAddress);
//Set the
EMail address value
obForm.AddFormVar( "pEmail",
m_sEMail);
//Set the
Serial Number value
obForm.AddFormVar( "pSerial",
m_sSerial);
//This is
the URI of where to POST the form data to.
//below
is the test URI we have setup for demonstration purposes
obForm.SetUri("/CustomWork/HTTPTests/UserRegistrationExample.asp");
//Now we
are going to post the data to the server
//afterwards
we will check the response if we need to
//Here we
set the server name to the proper server
m_sHTTPWizard.SetServerName("www.SeekfordSolutions.com");
//we
arent using SSL so we set this to false.
m_sHTTPWizard.SetUseSSL(FALSE);
//We set
the port to the standard port 80
//If
using SSL it should probably be 443
m_sHTTPWizard.SetServerPort(80);
//Now we
invoke the command, no need to connect since the command automatically connects
for us
obResponse =
m_sHTTPWizard.PostFormData(obHeaders, obForm) ;
if(obResponse
== NULL)
{
AfxMessageBox(CString("Error registering data: ") +
m_sHTTPWizard.GetLastServerResponseDescription());
}else
{
//successful so we start interpreting the data if we want to
sDataCheck = obResponse.GetBody();
//our test page returns the following in the response for validation
// Success: <REGISTRATIONSTATUS>SUCCESS</REGISTRATIONSTATUS>
// Failure: <REGISTRATIONSTATUS>FAILED</REGISTRATIONSTATUS>
if
(sDataCheck.Find("<REGISTRATIONSTATUS>SUCCESS</REGISTRATIONSTATUS>")
>=0)
{
AfxMessageBox("Registration Successful!");
}else
{
AfxMessageBox("Registration Failed!");
}
}
&&Declare the FormBuilder object
local obForm
obForm = CreateObject("HTTPWizard.FormBuilder2")
&&The headers object we pass
local obHeaders
obHeaders = CreateObject("HTTPWizard.HTTPHeaders2")
&&The response object we will use
local obResponse
&&This will check the data for the response
local sDataCheck
&&Simplify access to the obForm object
&&Setup the variables with the User Information
&&It is very easy to expand on the logic show below
&&simply adding new variables requires only a new line of code
&&remember, the first parameter is the variable name tne server
uses to access the value
&&the second parameter is the value associated with the variable
named
&&Set the First Name value
obForm.AddFormVar( "pFirstName", THISFORM.txtName.value)
&&Set the Address value
obForm.AddFormVar( "pAddress", THISFORM.txtAddress.value)
&&Set the EMail address value
obForm.AddFormVar( "pEmail", THISFORM.txtEmail.value)
&&Set the Serial Number value
obForm.AddFormVar( "pSerial", THISFORM.txtSerial.value)
&&This is the URI of where to POST the form data to.
&&below is the test URI we have setup for demonstration purposes
obForm.URI = "/CustomWork/HTTPTests/UserRegistrationExample.asp"
&&Now we are going to post the data to
the server
&&afterwards we will check the response if we need to
&&Here we set the server name to the proper server
THISFORM.HTTPWizard1.ServerName =
"www.SeekfordSolutions.com"
&&we arent using SSL so we set this to
false.
THISFORM.HTTPWizard1.UseSSL = .f.
&&We set the port to the standard port
80
&&If using SSL it should probably be 443
THISFORM.HTTPWizard1.ServerPort = 80
&&Now we invoke the command, no need to
connect since the command automatically connects for us
obResponse = THISFORM.HTTPWizard1.PostFormData(obHeaders, obForm)
If (obResponse = NULL)
Then
MessageBox( "Error registering data: " +
HTTPWizard1.LastServerResponseDescription)
Else
&&successful so we start interpreting
the data if we want to
sDataCheck = obResponse.Body
&&our test page returns the following in the response for
validation
&& Success:
<REGISTRATIONSTATUS>SUCCESS</REGISTRATIONSTATUS>
&& Failure:
<REGISTRATIONSTATUS>FAILED</REGISTRATIONSTATUS>
If (ATC("<REGISTRATIONSTATUS>SUCCESS</REGISTRATIONSTATUS>",sDataCheck)
> 0) Then
MessageBox( "Registration Successful!")
Else
MessageBox( "Registration Failed!")
EndIf
EndIf
This program can be found online
at http://www.seekfordsolutions.com/Products/HTTPWizard/
. If you have any questions you can always email
softeng@seekfordsolutions.com and they will be happy to help. Any
product related questions are free of charge and custom projects can be quoted
at competitive rates.
Seekford Solutions, Inc. is a
software development corporation specializing in the design and development of
state of the art ActiveX controls and custom projects. Their core product line
is focused on Internet technologies primarily in the facilitation of the use of
common Internet protocols. The design philosophy is based on ease of use and
quick implementation time. They also handle custom projects for clients who are
need of specialty software or who need a framework base to use. The company was
founded in early 2001. Their website is
http://www.seekfordsolutions.com/.
|